Ph.D. Database

The aim of the IACR Ph.D. database is twofold. On the one hand, we want to offer an overview of Ph.D. theses already completed
in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and
access to the full text.
On the other hand, it covers Ph.D. subjects currently under investigation. This way, we provide a timely
map of contemporary research in cryptology.
All entries or changes need to be approved by an editor. You can contact them via phds (at) iacr.org.

Abstract

In this thesis, we study the question of achieving cryptographic security on
devices that leak information about their internal secret state to an external attacker. This study is motivated by the prevalence of side-channel attacks, where
the physical characteristics of a computation (e.g. timing, power consumption,
temperature, radiation, acoustics, etc.) can be measured, and may reveal useful information about the internal state of a device. Since some such leakage is
inevitably present in almost any physical implementation, we believe that this
problem cannot just be addressed by physical countermeasures alone. Instead, it
should already be taken into account when designing the mathematical specification of cryptographic primitives and included in the formal study of their security.

In this thesis, we propose a new formal framework for modeling the leakage
available to an attacker. This framework, called the continual leakage model, assumes that an attacker can continually learn arbitrary information about the internal secret state of a cryptographic scheme at any point in time, subject only to the
constraint that the rate of leakage is bounded. More precisely, our model assumes
some abstract notion of time periods. In each such period, the attacker can choose
to learn arbitrary functions of the current secret state of the scheme, as long as
the number of output bits leaked is not too large. In our solutions, cryptographic
schemes will continually update their internal secret state at the end of each time
period. This will ensure that leakage observed in different time periods cannot be
meaningfully combined to break the security of the cryptosystem. Although these
updates modify the secret state of the cryptosystem, the desired functionality of
the scheme is preserved, and the users can remain oblivious to these updates. We
construct signatures, encryption, and secret sharing/storage schemes in this model.